Posts by Shane Ficorilli

Deploying the CERT Microcosm DevSecOps Pipeline using Docker-Compose and Kubernetes

• Blog
Shane Ficorilli

According to DevSecOps: Early, Everywhere, at Scale, a survey published by Sonatype, "Mature DevOps organizations are able to perform automated security analysis on each phase (design, develop, test) more often than non-DevOps organizations." Since DevOps enables strong collaboration and automation of the process and enforces traceability, mature DevOps organizations are more likely to perform automated security analysis than non-DevOps organizations. My previous blog post, Microcosm: A Secure DevOps Pipeline as Code, helped address the...

Microcosm: A Secure DevOps Pipeline as Code

• Blog
Shane Ficorilli

You've heard the hype and read dozens of blog posts on DevOps, and your organization has decided to make this cultural shift in hopes of taking advantage of automation and the benefits of the Agile methodologies. Making this shift as an engineering team, however, can often be cumbersome because many tech professionals are still unfamiliar with the technologies required to implement a complete DevOps pipeline, let alone one that includes security automation as well. In...
